rack-cors is vulnerable to directory traversal. The vulnerability exists because rack-cors neither escapes nor resolves the request path before evaluating the resource rules, allowing access to files outside the /public folder.

Name | Operator | Version
---|---|---
rack-cors | le | 1.0.3
ruby-rack-cors:xenial | eq | 0.4.0
ruby-rack-cors:stretch | eq | 0.4.0-1+deb9u1
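
The flaw described above comes down to the order of two steps: matching a resource rule, and resolving the path. The following Ruby sketch is an added example, not rack-cors source code; the `/public/` prefix rule, the helper names and the sample paths are all constructed for illustration. It evaluates the same rule against the raw path and against the resolved path.

```ruby
# Added illustration; not rack-cors code. Rule and paths are constructed.
RESOURCE_PREFIX = '/public/' # hypothetical resource rule: only /public/* is covered

# Decode percent-escapes once, then collapse "." and ".." segments.
def resolve_path(raw)
  decoded = raw.gsub(/%([0-9a-fA-F]{2})/) { Regexp.last_match(1).hex.chr }
  segments = []
  decoded.split('/').each do |seg|
    case seg
    when '', '.' then next
    when '..' then segments.pop # popping an empty list is a no-op: never above root
    else segments << seg
    end
  end
  '/' + segments.join('/')
end

# Flawed order: the rule is evaluated against the path exactly as received.
def rule_matches_raw?(path)
  path.start_with?(RESOURCE_PREFIX)
end

# Corrected order: resolve the path first, then evaluate the rule.
def rule_matches_resolved?(path)
  resolve_path(path).start_with?(RESOURCE_PREFIX)
end

# Constructed sample request paths.
SAMPLE_PATHS = [
  '/public/app.js',
  '/public/./app.js',
  '/public/../config/secrets.yml',
  '/public/%2e%2e/config/secrets.yml',
  '/assets/../public/app.js'
].freeze

# Returns [path, raw_decision, resolved_decision] for each path.
def compare(paths)
  paths.map { |p| [p, rule_matches_raw?(p), rule_matches_resolved?(p)] }
end

compare(SAMPLE_PATHS).each do |path, raw, resolved|
  flag = raw == resolved ? '' : '  <-- decisions differ'
  puts format('%-36s raw=%-5s resolved=%-5s%s', path, raw, resolved, flag)
end
```

Any path where the two decisions differ is one where a rule check on the unresolved path does not reflect the resource that will actually be served.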